package com.clj.securityoauthcustom.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import com.clj.securityoauthcustom.handler.OAuthenticationFailureHandler;
import com.clj.securityoauthcustom.handler.OAuthenticationSucessHandler;
import com.clj.securityoauthcustom.validate.smscode.SmsAuthenticationConfig;
import com.clj.securityoauthcustom.validate.smscode.SmsCodeFilter;
@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter{

	@Autowired
	private OAuthenticationSucessHandler oAuthenticationSucessHandler;
	@Autowired
	private OAuthenticationFailureHandler oAuthenticationFailureHandler;
	@Autowired
    private SmsCodeFilter smsCodeFilter;
    @Autowired
    private SmsAuthenticationConfig smsAuthenticationConfig;
	@Override
	public void configure(HttpSecurity http) throws Exception {
		http.addFilterBefore(smsCodeFilter, UsernamePasswordAuthenticationFilter.class) // 添加短信验证码校验过滤器.
			.formLogin()
			.loginProcessingUrl("/login") //处理表单登录 URL
			.successHandler(oAuthenticationSucessHandler)// 处理登录成功
			.failureHandler(oAuthenticationFailureHandler) // 处理登录失败
			.and()
			.authorizeRequests() //授权配置
			.antMatchers("/code/sms").permitAll()
			.anyRequest() //所有请求
			.authenticated() //都需要认证
			.and()
			.csrf().disable()
			.apply(smsAuthenticationConfig);

	}
	
	
	
}
